Re: Am I understanding this right?

From: David Efflandt (efflandt_at_xnet.com)
Date: 09/13/03


Date: Sat, 13 Sep 2003 03:34:54 +0000 (UTC)

On Fri, 12 Sep 2003, Fao, Sean <enceladus311@yahoo.comI-WANT-NO-SPAM> wrote:
> I decided that I wanted to use a Linux server for a VPN. Now that the 2.6.x
> kernel is almost out with IPSec included, I thought I would put together a
> test system to route private traffic to my Windows server at work.
>
> What I would like to be able to do is this:
>
> Home PC -> Linux Server -> Internet -> Windows Server -> Work LAN
>
> What I had thought is that I would set up my router so that anything
> intended for the company's private IP address block would be routed over the
> VPN, while anything else would just go through normally. The one thing that
> I didn't want to have to do was connect with a Windows client; I can already
> do that and I don't like it because once I connect, everything goes through
> the VPN. Also, if I were to ever set this up at work, I wouldn't want the
> users to have to make another manual connection.

I do not know how ipsec in the new kernels will work, but judging from
freeswan, it would just be a matter of proper routing on your Linux server
(along with iptables rules to allow what you need to). You would just
need a -net route to your factory LAN or WAN using ipsec0 for interface
(which may be automatic when ipsec is connected), and default route to
internet.

Our company does that, but using SonicWall hardware devices. So traffic
for private IPs at our factory WAN goes through the VPN (1700 miles), and
internet traffic goes directly out our sdsl.

-- 
David Efflandt - All spam ignored  http://www.de-srv.com/
http://www.autox.chicago.il.us/  http://www.berniesfloral.net/
http://cgi-help.virtualave.net/  http://hammer.prohosting.com/~cgi-wiz/
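
A check for the split-tunnel routing described in the reply above, added here as an example and not part of the original post: it parses `route -n` style output and confirms that the work LAN leaves via `ipsec0` while everything else follows the default route. The addresses (10.20.0.0/16 for the work LAN, 203.0.113.0/24 for the ISP link), the interface names `eth0`/`eth1`, and the function names are assumptions.

```python
import ipaddress

# Constructed `route -n` output for the Linux server (not from the post):
# 10.20.0.0/16 stands in for the work LAN, 203.0.113.0/24 for the ISP link.
SAMPLE_ROUTES = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.20.0.0       0.0.0.0         255.255.0.0     U     0      0        0 ipsec0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
203.0.113.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         203.0.113.1     0.0.0.0         UG    0      0        0 eth0
"""

def parse_routes(text):
    """Return (network, interface) pairs from `route -n` style text."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Destination":
            continue  # skip the title and header lines
        prefix = bin(int(ipaddress.IPv4Address(f[2]))).count("1")
        routes.append((ipaddress.ip_network(f"{f[0]}/{prefix}"), f[7]))
    return routes

def egress_iface(routes, dst):
    """Longest-prefix match: the interface the kernel would pick for dst."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen)[1] if hits else None

def split_tunnel_problems(routes, work_net, tunnel_if="ipsec0"):
    """List the ways this table breaks the intended split-tunnel layout."""
    work = ipaddress.ip_network(work_net)
    problems = []
    if egress_iface(routes, str(work[1])) != tunnel_if:
        problems.append(f"{work} is not routed through {tunnel_if}")
    for net, iface in routes:
        # A more specific route inside the work block pulls traffic out of the VPN.
        if net != work and net.subnet_of(work) and iface != tunnel_if:
            problems.append(f"{net} leaves via {iface}, bypassing {tunnel_if}")
    default = [i for n, i in routes if n.prefixlen == 0]
    if tunnel_if in default:
        problems.append("default route points into the tunnel")
    return problems

if __name__ == "__main__":
    table = parse_routes(SAMPLE_ROUTES)
    print(egress_iface(table, "10.20.5.9"), egress_iface(table, "198.51.100.7"))
    print(split_tunnel_problems(table, "10.20.0.0/16") or "split tunnel OK")
```

Running the same check after the tunnel comes up shows whether the `-net` route was added automatically, as the reply suggests it may be.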